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Introduction 


Marcus Felson and Mary Eckert, in their recent book Crime and Eueryday Life (Felson and Eckert, 
2016) describe how technology has influenced crime. When most people lived in ‘the village’ 
without the technology to venture far from home, villagers suffered crime from marauding 
bandits. The domestication of horses increased people’s reach and created ‘the town’. Horses 
and wagons became new tools and targets of crime. Then nautical technology created ‘the 
convergent city’, with ships providing new tools and the cargo the target. Then ‘the divergent 
metropolis’, arrived, thanks to modern transportation technology. Cars are not only an important 
target of crime but a powerful tool too. 

We now live in ‘the connected world’, where computers and networks are both a target of 
crime as well as a powerful tool. A recent report from the UK National Crime Agency states 
that for the first time in history there is more recorded cyber-crime than traditional crime 
(NCA, 2016). Therefore students of crime need at least a basic understanding of the role that 
computers and networks play in the commission of crime, in the prevention of crime, and also 
in the study of crime. This chapter gives an introduction to these topics from the crime-science 
perspective, but we begin by giving three examples to illustrate the main point. 


e Phishing is one of the most popular ways of using computers and networks in the commis- 
sion of crime because the technology scales well. It is almost as easy to send one phishing 
email as to send millions. Even with a success rate as low as 10° phishing can be profitable 
(Milletary, 2013). 

e Security cameras are ubiquitous in the UK and in many other countries. In a modern 
city with a good networking infrastructure, security cameras are a scalable technology. 
Therefore, it is possible to keep a watchful eye on many places of interest and indeed 
studies have shown that the technology can contribute to crime prevention (Welsh and 
Farrington, 2008). 

e Computational social science is a field of study where the power of computers and networks 
is used to study social sciences. For example, a computer program can simulate behav- 
iour predicted by a theory. If the results are not realistic, the theory is probably wrong. 
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This is usually a much cheaper way of refuting a theory than conducting an experiment 
(von der Heyde, Miebach, and Kluge, 2014; Rosoff, Cui, and John, 2014). Again the tech- 
nology scales well. 


In this chapter we will explore the relationship between crime and computers and networks by 
answering the following questions: 


e Which techniques from computer science can be used to prevent crime? 
e Which techniques from computer science can be used to study crime? 


To address the first question we use the 25 techniques of situational crime prevention to provide 
a systematic assessment of how computer and network technology can be used to prevent crime. 
The second question will be addressed by discussing computer simulation methods in cases 
where real experiments with crime prevention would be too costly or impractical. 


Crime prevention 
Borrowing from situational crime prevention, crime science offers five principles to prevent 


crime or to deter the offender. 


1 Increase the effort needed for crime, for example better locks require more effort to pick, 
or better passwords require more effort to guess. 


N 


Increase the risks of crime, for example well-lit windows increase the risk of being 
caught during burglary, or an operator monitoring the network increases the risk of 
being caught during a hacking attempt. 

3 Reduce the rewards of crime, for example marked parts of a stolen vehicle are harder to 
fence, or encrypted data is harder to sell. 

4 Reduce provocations that invite criminal behaviour, for example rapid cleaning of graf- 
fiti discourages the application of more graffiti, or rapid restoration of defaced websites 
discourages repetition. 

5 Remove excuses for criminal behaviour, for example many systems specify an acceptable 

use policy that informs users of what behaviour is acceptable. 


For each of the five principles, five generic techniques of situational crime prevention have been 
developed. Together, they are known as the ‘25 techniques of situational crime prevention’. 

We have found seven reviews in the literature that suggest how computers and networks 
can be used as a specific instance of the 25 generic techniques (Beebe and Rao, 2005; Brookson 
et al., 2007; Coles-Kemp and Theoharidou, 2010; Morris, 2004b; Newman and Clarke, 2003; 
Willison and Siponen, 2009; Reyns, 2010). 

Table 12.1 compares the way in which the reviews suggest how computer science tech- 
niques can be used to prevent crime. We list 12 techniques that have been mentioned at least 
three times in the reviews and then describe them in some detail below. For the remaining 
techniques we refer the reader to the references provided. 


1 A password or PIN code used to authenticate a user. 

2 Encryption of data files to ensure that once encrypted, they can be read only when the 
correct decryption key is known. 

3 A firewall that is used to stop potentially malicious connections to a computer or network. 
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4 A de-militarised zone (DMZ) used to isolate the public web server of an organisation from 
the internal network. 
5 An intrusion detection system (IDS) used to stop potentially malicious information being 
sent to a computer or network. 
6 A virus scanner used to detect malicious code in the information being sent to a computer 
or network. 
7 Prompt software patching to remove vulnerabilities as soon as a correction has been pub- 
lished. 
8 A radio-frequency identification (RFID) tag used to provide information about the prod- 
uct to which it is attached. 
9 The caller-ID feature of the telephone system used to inform the recipient of a telephone 
call who is calling. 
10 An audit log used to collect relevant operational data that can be analysed when there is an 
incident. 
11 An internet service provider (ISP) can assist its clients in using the information super high- 
way responsibly. 
12 User education, which is included in the list to emphasise that humans play an important 
role in crime prevention. 


We will now discuss the 12 techniques in more detail. 

Passwords and PIN codes are mentioned in all reviews, as these are standard tools. Unfortunately, 
a good password or PIN code is hard to remember so that as a result passwords and PIN codes 
that are currently in use are often weak (Anderson, 2008). 

Encryption is seen by two reviews (Brookson et al., 2007; Morris, 2004b) as a means to 
harden targets and by the others (Beebe and Rao, 2005; Coles-Kemp and Theoharidou, 2010; 
Willison and Siponen, 2009; Newman and Clarke, 2003) as a means to deny benefits. The 
apparent ambiguity can be resolved if we take a crime specific example, such as stealing a lap- 
top with full disk encryption. Disk encryption increases the efforts on the part of the offender 
because s/he will now have to break the disk encryption. If the offender is unable to break the 
disk encryption, the laptop will be worth less; hence encryption will also reduce rewards. 

Spatial fragmentation is a target-hardening technique that can be used to prevent products 
from being lost or stolen. For example, an in-car entertainment system that consists of separate 
components built into various places into a car is harder to steal than a single component (Ekblom, 
2008). Spatial fragmentation is more easily applied to a networked system, for example peer to 
peer systems usually apply spatial fragmentation to improve resilience, but the spatial fragmenta- 
tion could be leveraged to prevent illegal downloading too. In a sense threshold cryptography 
is an instance of spatial fragmentation too. In (n,t) threshold cryptography the decryption key is 
split into n shares in such a way that decryption can only take place when the number of shares 
present during decryption equals or exceeds a previously determined threshold t. 

Firewalls are mentioned in four reviews (Beebe and Rao, 2005; Brookson et al., 2007; Morris, 
2004b; Newman and Clarke, 2003) as a specific technique for target hardening. One review 
(Coles-Kemp and Theoharidou, 2010) proposes firewalls as a technique for access control and 
screening exits. Screening exits is an interesting application, as it is as relevant to prevent offend- 
ers from getting information out of an organisation as it is to prevent offenders from getting into 
the organisation in the first place. 

A DMZ is mentioned by three reviews (Brookson et al., 2007; Beebe and Rao, 2005; 
Coles-Kemp and Theoharidou, 2010) as a method for target concealment, typically the internal 
network of an organisation. 
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An IDS is mentioned in five reviews (Morris, 2004b; Brookson et al., 2007; Willison and 
Siponen, 2009), but in two different ways: as a form of formal surveillance (Coles-Kemp and 
Theoharidou, 2010; Willison and Siponen, 2009), and as an example of utilising place managers 
(Brookson et al., 2007). The difference between the two generic techniques is best explained in 
the physical world: formal surveillance is carried out by specially appointed personnel, whereas 
place managers could be colleagues watching each other. An IDS can also be used for access 
control (Coles-Kemp and Theoharidou, 2010), target hardening (Morris, 2004b), and screening 
exits (Beebe and Rao, 2005). 

A virus scanner is mentioned as a measure for target hardening (Brookson et al., 2007), and 
formal surveillance (Morris, 2004b). 

Prompt software patching is mentioned in four reviews. Software patching is a standard method 
for target hardening (Beebe and Rao, 2005; Morris, 2004b), but it can be used to discourage 
imitation (Willison and Siponen, 2009; Coles-Kemp and Theoharidou, 2010), since hackers, 
who often use each other’s exploits, cannot do so if a vulnerability is patched. 

RFID tags are mentioned in one review (Brookson et al., 2007), but in three different 
capacities: (1) to extend guardianship to reflect the idea that the tag can be used to raise the alarm 
in the case of shoplifting; (2) to reduce anonymity since tagged goods can be used to trace the 
person carrying the goods; (3) to enable formal surveillance, since tagged goods make it easier 
to recognise shoplifters. RFID tags can be thought of as a technique to identify property. RFID 
tags can be used for all of the 25 generic techniques. 

Caller-ID is mentioned in two reviews (Brookson et al., 2007; Morris, 2004b) as an effective 
technique to control access, reduce anonymity, and to control facilitators. In the real world, 
caller-ID has reduced the number of nuisance calls in the telephone network (Clarke, 1990). 
This suggests that a fruitful line of research would be to look for similar, effective techniques 
for the internet. We have found two relevant papers. The first approach, called IPclip (Widiger 
et al., 2008), requires hardware support and changes to the way that an ISP operates. The second 
approach, called Clue (Afanasyev et al., 2011), adds identification information in software. As 
long as offenders use their own PCs to approach their victim, both IPclip and Clue could be 
effective. However, since offenders prefer to use hijacked computers rather than their own, the 
trace from the victim to the offending PC will end at the hijacked PC and not at the offenders 
PC, thus defeating the objective of the two techniques that have been published thus far. 

An audit trail is mentioned by several reviews (Beebe and Rao, 2005; Brookson et al., 2007; 
Coles-Kemp and Theoharidou, 2010; Morris, 2004b; Newman and Clarke, 2003) as a tool to 
investigate the sequence of events leading up to an incident. An audit trail does not prevent 
crime per se, but the fact that all actions are logged can be used as a deterrent (Newman and 
Clarke, 2003). 

The ISP should be more active in the prevention of crime. This conclusion is shared by all 
reviews. We have also found suggestions in the related work to empower the ISP. For example 
some years ago only 5 per cent of all downloads were paid for (Kennedy, 2009), which caused 
a serious problem for the music industry. Kennedy describes two approaches where the ISP 
can play a key role. For example, using bandwidth for illegal downloads reduces bandwidth for 
legal use of the network. A typical ISP would block or throttle bit-torrent traffic, when it is 
responsible for illegal downloads. This would be an instance of the generic technique of control 
facilitators. Reducing the potential for illegal downloads automatically increases the available 
bandwidth for legal use. Whether this is an appropriate solution is open to debate, as bit tor- 
rent also has legal uses. There is also a fundamental issue here in the sense that an ISP blockade 
goes against the principle of net neutrality (van Schewick and Farber, 2009). ISP blocking can 
even help the offender rather than preventing crime: Clayton (2005) describes how a major 
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ISP implemented a system for blocking content (child pornography), which leaked the list of 
blocked sites. The blocking system could then be used by the offenders as an ‘oracle’ to discover 
which sites were on the black list, so that they could take evasive action. The main conclusion 
of Clayton’s paper is that a ‘fit and forget’ approach to designing internet-based crime preven- 
tion is doomed to failure; instead the potential targets are engaged in a perpetual arms race with 
the offenders. 

The Morris reports (Morris, 2004a, 2004b) contain suggestions for empowering the ISP. The 
Morris panels (2004b) would like to see the ISP as a first line of defence (i.e. target hardening) to 
assist consumers in keeping their computers clean and healthy. The services provided by the ISP 
can also be seen as a tool for the offender to reach his or her targets. In this sense, making the 
ISP more accountable for what goes on in its network can be seen as an instance of the control 
facilitator’s generic technique. Finally, the ISP could advertise that it is proactive in preventing 
crime, and that the ISP will cooperate closely with the police wherever possible. This falls into 
the generic technique of alert conscience. 

Education of offenders, targets, and guardians is considered useful by all reviews to remove 
excuses. Brookson et al. (2007) believe that if we alert their consciences potential offenders 
might be discouraged from engaging in software and content piracy. In the context of their 
work on insiders, Willison and Siponen (2009) suggest that the education of staff might assist 
compliance with company policies. The Morris (2004b) report asserts that customer security 
education for e-banking, for example using the five “golden rules’ of e-banking, is a specific case 
of set rules. Finally, using education to control disinhibitors merits a little digression. Before the 
internet went commercial in the early 1990s some users adhered to the ‘hacker’s ethic’ which 
held that information should be free (Furnell et al., 1999). When the internet opened for busi- 
ness, new information was made available that is clearly not free. However the hackers’ ethic 
is still with us today, which is a disinhibitor for good behaviour (Newman and Clarke, 2003). 
Education would be appropriate to explain the difference between information that is free and 
information that is not. 

Having established how useful it is to adopt the systematic approach of crime science to 
information security, we now turn our attention to the converse, discussing the use of computer 
science techniques for the study of crime. 


Crime simulation 


Science uses computers to collect and analyse experimental and simulated data, using networks 
to collaborate. For example the high-energy physics community was the first non-military 
user of the internet and thanks to the computers and networks e-science is flourishing today 
(Craddock et al., 2008). The development of computational social science follows the lead of 
natural science. For example Lazer et al. (2009) observe that what we all do in our everyday 
life leaves traces on the internet, thus providing a source of information that can be mined and 
analysed. Privacy concerns limit the data available to researchers, but there is hope that these 
problems can be resolved (Kenneally and Claffy, 2010). 

Crime science is a member of the computational social-science family because the analysis of 
crime data is an important aspect of crime science. However, this is not all. Crime science empha- 
sises that each new idea for the prevention of crime must be properly evaluated, preferably in a 
well-designed experiment or else in a quasi-experiment or a well-designed time-series analysis. 
Unfortunately, there are practical limitations to what can be achieved in a real-life experiment. 

Firstly, some experiments are just too costly. For example if we believe that chang- 
ing the street pattern of a city might reduce crime, then it will be hard to convince the 
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authorities to change the street pattern just for a scientific experiment (Brantingham and 
Brantingham, 1993). 

Secondly, crime data contains systematic errors. Sometimes, neither the offender, nor the 
target, or the police, have an interest in providing correct data (Gove et al., 1985; Langworthy, 
1999; Thornberry and Krohn, 2000). For example, a repeat offender has a vested interest in 
keeping silent about his crimes, and the police might be interested in inflating the crime rate to 
ensure that the police force will receive more funding (Eck and Liu, 2008a). It is well known 
that police recording policies and practices have a strong impact on the officially registered vol- 
ume of crime, particularly violent crime (Shepherd and Sivarajasingam, 2005; Wittebrood and 
Junger, 2002). 

Computer-based simulated experiments can help to circumvent these problems (Groff and 
Mazerolle, 2008). For example, in a computer-based experiment we can change the map of a 
street pattern. We can also use a simulation-based experiment to fill the gaps in available crime 
data. However, in a computer-based experiment we do not have access to the actors involved, 
such as the offender, the target, or the capable guardian. Therefore, the behaviour of these actors 
must be modelled too. Modelling humans is hard, but in the study of crime we are primarily 
interested in behaviour that is believed to be represented by a number of relatively manage- 
able perspectives, such as rational choice, routine activity, and crime pattern theory. These 
perspectives can be codified to a certain extent (Bosse et al., 2009b), thus endowing the actors 
in a simulation with behaviour relevant for a human actor. With a model of the actors and the 
relevant environment we can use a computer to simulate crime events. 

We consider computer-based modelling and analysis of crime as part of crime science. 
However, the term “computational criminology’ is also being used; it seems to have been 
employed first by Patricia and Paul Brantingham (2005). We will now discuss the research of 
the main groups working on crime simulation. 

The main idea of crime simulations is to compute the steps leading to a crime event so that 
predictions about real crime and its prevention can be made. Agent-based simulations are com- 
monly used (Eck and Liu, 2008a), since the behaviour of human actors can be codified by way 
of rules that determine the behaviour of the agents. The aim of a simulation is then to infer 
aggregate behaviour from the individual behaviour of crime agents. Epstein (1999) argues that 
the main reason why this works is that the principle of ‘bounded rationality’ (which is an aspect 
of RCP) is also the essence of generative simulation. Quoting Epstein (1999, p. 42): ‘Situate 
an initial population of autonomous heterogeneous agents in a relevant spatial environment; 
allow them to interact according to simple local rules, and thereby generate — or grow— the 
macroscopic regularity from the bottom up’. The agents of crime include the offender, the tar- 
get, and the capable guardian. The simple local rules are provided by the relevant perspective, 
for example bounded rationality restricts the decision of the offender agent to local knowledge, 
and ensures that the decision is a rational one taking account of risk. The rules for the offender 
steer the latter towards a state where the crime has been committed, whereas the target and the 
guardian try to avoid the crime. The fact that the offender and the target have opposing goals 
naturally leads to the suggestion that game theory could be a useful meta-theory. The spatial 
environment could be a geographical environment modelled by a geographical information 
system (GIS), or it could be a social network. The macroscopic regularity could be a statement 
such as: ‘burglary is communicable’, which means that the spreading of burglaries follows the 
same pattern as a communicable disease (Bowers et al., 2004). 

The strength of generative simulation is that it can be used to discount inappropriate 
theories, since a simulation that does not generate the sought-after macroscopic regularity is 
probably based on a theory that does not apply (Birks et al., 2012). The limitation of generative 
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simulation is that there could be more than one theory that can erow the regularity, so gen- 
erative simulation should not be interpreted as a proof that the theory is the best or only 
explanation of a certain macroscopic regularity. 

Our primary interest is in the ability of generative crime simulation to answer what-if ques- 
tions. For example, ‘what would happen to crime rates if we change the layout of the street 
pattern?’ If the simulation indicates that this would not be useful, then a costly empirical experi- 
ment can be avoided. To answer what-if questions we could vary the initial configuration or 
the rules of the agents. For example, the effect of increasing the number of capable guardians 
can be studied simply by increasing the number of agents playing the role of a capable guardian. 
However, in practice, the number of configurations that one can choose from is often huge, so 
skill and intuition are required to drive the simulations. As yet there is insufficient progress in the 
field to make simulated what-if experiments routine (Glasser and Vajihollahi, 2008). 

Any simulation must ultimately be validated with real data (Berk, 2008). We have not found 
reports of such validations, presumably for reasons of cost, ethics, and privacy (Lazer et al., 2009). 

We have found several strands of work in the literature on the generative simulation of crime. 
We differentiate related work on the way in which the macroscopic regularity is specified. 


e Researchers at the Vrije Universiteit in Amsterdam use a logical approach to the specifica- 
tion of the macroscopic regularity, where a kind of model checking separates simulated 
behavioural traces that lead to crime from those that do not lead to crime (Bosse et al., 2007a, 
2007b; Bosse and Gerritsen, 2008, 2009; Bosse et al., 2009b, 2009a; Bosse et al., 2009b). 

e Researchers at Simon Fraser University in Vancouver use an interactive approach towards 
the detection of the macroscopic regularity, in the sense that successful simulations exhibit 
for example crime hotspots (Glasser et al., 2006; Glasser and Vajihollahi, 2008; Glasser 
et al., 2008; Brantingham et al., 2004, 2005). Crime Pattern Theory (Brantingham and 
Brantingham, 1993, 1995) forms the basis of the simulations; hence the focus is on the 
spatial and temporal behaviour of the offenders and their targets (Short et al., 2010). 

e Researchers at the University of Cincinnati (Eck, 1998; Eck and Liu, 2008b, 2008a; Liu 
et al., 2005; Wang et al., 2008) and the University of Virginia in Charlottesville (Brown, 
1998; Brown et al., 2000; Brown and Gunderson, 2001; Brown and Oxford, 2001; 
Gunderson and Brown, 2000; Gunderson, 2002; Lin and Brown, 2003, 2006; Porter and 
Brown, 2007; Xue and Brown, 2003, 2006) use statistical approaches towards the specifica- 
tion of the macroscopic regularity, such as clustering (Brown and Gunderson, 2001), and 
data association (Brown et al., 2000). 


We found one proposal on agent-based simulation of cyber-crime. Gunderson and Brown 
(2000), from the University of Virginia propose using the same methods and tools that are used 
successfully to predict traditional crime, without elaborating what the notion of space in the 
cyber-world might be. 

Computational social science is relatively young but has a lot to offer to social science in 
general and to crime science in particular. 


Conclusions 


In conclusion, we found a considerable amount of work in the literature that suggests how 
crime-science methods can be used by computer scientists and vice versa. We have provided 
references to relevant related work, but space limitations preclude us from citing more than the 
tip of the proverbial iceberg. 
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